Creating Active Directory user with password in C#

RajenK picture RajenK · Feb 21, 2010 · Viewed 48.8k times · Source

I'm looking for a way to create Active Directory users and set their password, preferably without giving my application/service Domain Admin privileges.

I've tried the following:

DirectoryEntry newUser = _directoryEntry.Children.Add("CN=" + fullname, USER);
newUser.Properties["samAccountName"].Value = username;
newUser.Properties["userPassword"].Value = password;
newUser.Properties["mail"].Value = email;
newUser.CommitChanges();

The user is created, but it seems the password is never set on the user.

Does anyone have an idea on how to set the user's password initially when creating the user? I know about

.Invoke("SetPassword", new object[] { password })

But that requires my code to be run with Domain Admin privileges. As I don't really see the point to grant my code Domain Admin privileges, just to set the initial password (I also allow user password resets, but those run in the context of that particular user), I am hoping someone has a clever solution that doesn't require me to do so.

Thanks in advance!

Answer

Nick Craver picture Nick Craver · Feb 21, 2010

You can do this whole process much easier now with System.DirectoryServices.AccountManagement (long as you're on .Net 3.5):

See here for a full rundown

Here's a quick example of your specific case:

using(var pc = new PrincipalContext(ContextType.Domain))
{
  using(var up = new UserPrincipal(pc))
  {
    up.SamAccountName = username;
    up.EmailAddress = email;
    up.SetPassword(password);
    up.Enabled = true;
    up.ExpirePasswordNow();
    up.Save();
  }
}